Network computing has become a major technical focus and business strategy for many software development companies. This is due in part to the phenomenal growth of Internet-based environments and users' unquenchable thirst for knowledge. Web browsers, such as the Netscape Navigator produced by Netscape Communications Corporation, are now configured to immediately recognize, download (from the network or user's hard file) and launch software applications from a user's workstation. Accompanying this ability to access information in the Internet-based environment are problems associated with protecting software assets on the workstation from hostile or destructive virus applications.
A software or computer virus is a special piece of program code that exists within, or infects, an otherwise normal computer program. When an infected application program is executed, the viral code seeks out other programs within the computer workstation and replicates itself. Infected programs may exist anywhere in the computer workstation including the operating system itself, and if undetected, can have devastating effects such as interfering with system operations or destroying data stored within the workstation.
A number of prior art techniques have been devised to address the detection and prevention of hostile or destructive virus applications. One approach uses a separate program to search or scan a computer's memory and disk storage for the characteristic pattern or signature of known viruses. One problem with this approach is the fact that it frequently depends on the computer user to manually invoke the scanning software. Another problem with this approach is the unacceptable amount of time the user must wait while the workstation is scanned.
Another prior art technique detects alteration of a program by calculating a checksum value for the application program under examination, and comparing it to a known checksum value of the original pristine version of the application program. If the program being examined has been infected by a computer virus, or otherwise altered, the checksum value of the program will have been changed as well. This technique suffers from the limitations requiring the user maintain the value of the checksum for the original pristine value (if known), and invoking the checksum program to perform the examination.
Still another prior art procedure halts the operation of a computer workstation when an executable file is detected and an inquiry is made to the computer user whether to execute an application file. The procedure changes the file extension for the executable file if the user indicates that the application file should not be executed. One problem with this procedure is that the user, who may not know the source of the executable file, must predict the effect of the executable file if executed on the workstation.
Consequently, it would be desirable to provide network security for a web browser-based interface to prevent the execution of hostile or destructive virus applications on a computer workstation connected to a network.